Jump to content

  • Log In with Google      Sign In   
  • Create Account

Protecting game data against theft or modification


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
12 replies to this topic

#1 Medo3337   Members   -  Reputation: 680

Like
0Likes
Like

Posted 27 November 2012 - 10:49 AM

How leading games protect their models, textures and other game data against theft or modification?

Does they use encryption methods? If so, what is the encryption method that's commonly used in popular games especially First-Person Shooter games?

Edited by Medo3337, 27 November 2012 - 10:58 AM.


Sponsor:

#2 Steve_Segreto   Crossbones+   -  Reputation: 1558

Like
1Likes
Like

Posted 29 November 2012 - 06:24 PM

It appears to me they don't. I haven't seen any resources that are encrypted. Usually they are compressed or packed into some archive file format, but not encrypted. Most games also have an active modding community so the art resources aren't validated client side. There are always exceptions of course. ..

#3 Hodgman   Moderators   -  Reputation: 32016

Like
0Likes
Like

Posted 29 November 2012 - 06:29 PM

If so, what is the encryption method that's commonly used in popular games especially First-Person Shooter games?

Regular .zip or .7z files, with the file extension renamed. Really.

When you play online, the hash of important assets is compared with the server to check if they've been modified. Of course, you could hack the exe to make it lie about the hashes, so they then need 3rd party cheat detectors like PunkBuster/VAC to ensure the exe isn't modified, and then the anti-cheat programs need clever mechanisms to ensure the anti-cheat hasn't been cheated, and so on.

Edited by Hodgman, 29 November 2012 - 06:31 PM.


#4 TheChubu   Crossbones+   -  Reputation: 4839

Like
0Likes
Like

Posted 29 November 2012 - 06:29 PM

Have in mind that videogames can use gigabytes and gigabytes of content. Decrypting it on the fly while running the game would take too much time and processing power to actually have a playable game running besides the whole decryption proccess (that or awfully long loading screens).

(im talking about actual encryption of the data, not just compression)

Edited by TheChubu, 29 November 2012 - 06:30 PM.

"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

 

My journals: dustArtemis ECS framework and Making a Terrain Generator


#5 L. Spiro   Crossbones+   -  Reputation: 14434

Like
1Likes
Like

Posted 29 November 2012 - 06:34 PM

It is not possible to protect your game’s data. Most companies by now have realized this and simply allow their compression to act as a weak encryption rather than adding additional layers of protection for basically nothing.

Besides, if the encryption method was common, it would defeat the purpose of encryption. If you (think you) need it, make it yourself. Using one that is already well understood and cracked won’t be of much help.


L. Spiro
It is amazing how often people try to be unique, and yet they are always trying to make others be like them. - L. Spiro 2011
I spent most of my life learning the courage it takes to go out and get what I want. Now that I have it, I am not sure exactly what it is that I want. - L. Spiro 2013
I went to my local Subway once to find some guy yelling at the staff. When someone finally came to take my order and asked, “May I help you?”, I replied, “Yeah, I’ll have one asshole to go.”
L. Spiro Engine: http://lspiroengine.com
L. Spiro Engine Forums: http://lspiroengine.com/forums

#6 SimonForsman   Crossbones+   -  Reputation: 6325

Like
0Likes
Like

Posted 29 November 2012 - 08:05 PM

Besides, if the encryption method was common, it would defeat the purpose of encryption. If you (think you) need it, make it yourself. Using one that is already well understood and cracked won’t be of much help.

L. Spiro


It might be worth adding that this recommendation only holds if you are using encryption to prevent a user from copying/reading/modifying data on his own machine while that exact same machine running your software has to be able to decrypt that data.

When you are using encryption to send data to another person / machine and want to ensure that only that person / machine can read the data you should use a popular, well known and well tested encryption system.
I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

#7 Medo3337   Members   -  Reputation: 680

Like
0Likes
Like

Posted 30 November 2012 - 05:41 AM

Have in mind that videogames can use gigabytes and gigabytes of content.

Remember that you only need to decrypt one single mission data to render the mission world, some encryption methods are fast especially because you are dealing with memory and not storage device.

#8 kubera   Members   -  Reputation: 973

Like
0Likes
Like

Posted 30 November 2012 - 05:48 AM

For protecting your application, you could sign it by the Authenticode certificate.
Such application would check data's integrity.

Protecting resources in the GPU would be a problem.

#9 Bacterius   Crossbones+   -  Reputation: 9305

Like
1Likes
Like

Posted 30 November 2012 - 07:50 AM

Have in mind that videogames can use gigabytes and gigabytes of content. Decrypting it on the fly while running the game would take too much time and processing power to actually have a playable game running besides the whole decryption proccess (that or awfully long loading screens).

(im talking about actual encryption of the data, not just compression)

That's not possible. Encryption, when done right with the appropriate algorithms, is considerably faster than disk I/O, it cannot be a bottleneck (RC4 on an average processor can reach 600MB/s, that's on a single core). The main reason it's not done is that it's useless. By definition, any data that is going to be used by the program must be decrypted somehow, leaving it free to be read by anyone skilled enough to do so, no matter how many security checks you put in your code. Simply not encrypting, and renaming the compressed file, is enough to throw off near 100% of those who would steal the assets, at which point it's no longer cost-effective to work towards improving asset security.

For protecting your application, you could sign it by the Authenticode certificate.
Such application would check data's integrity.

Unfortunately this will do nothing. Anyone smart enough to do so will simply remove the integrity check from the binary, and there goes your clever scheme.

The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#10 Vexal   Members   -  Reputation: 416

Like
1Likes
Like

Posted 30 November 2012 - 06:06 PM

The only way to be sure is to only let people play your game while you stand behind them watching.

#11 kubera   Members   -  Reputation: 973

Like
0Likes
Like

Posted 30 November 2012 - 11:23 PM

Unfortunately this will do nothing. Anyone smart enough to do so will simply remove the integrity check from the binary, and there goes your clever scheme.


Yes, but the signature would be broken.

#12 Bacterius   Crossbones+   -  Reputation: 9305

Like
0Likes
Like

Posted 30 November 2012 - 11:56 PM

Yes, but the signature would be broken.

But how would this matter in practice? :)

The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#13 Hodgman   Moderators   -  Reputation: 32016

Like
0Likes
Like

Posted 01 December 2012 - 12:06 AM

Signed executables are required on a lot of platforms (consoles and some PC publishing platforms), however, they're only any use if the security of the authenticator can't be broken. On consoles, it's a closed platform, so this works until someone cracks the hardware/OS, but on PC it's not possible to make 100% secure. If authentication is done locally it can be cracked, and if it's done remotely then a local hack can send lies over the network. In either case, you can still interfere with a running program after it's been launched/authenticated.




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS